Posts Tagged 'Analyst'

This guest blog was contributed by Wendy Nather, Research Director, Enterprise Security Practice at The 451 Group. Her post comes on the heels of the highly anticipated launch of StillSecure's Cloud SMS, and it provides some great context for the importance of security in the cloud. For more information about Cloud SMS, visit www.stillsecure.com and follow the latest updates on StillSecure's blog, The Security Samurai.

If you're a large enterprise, you're in pretty good shape for the cloud: you know what kind of security you want and need, you have security staff who can validate what you're getting from the provider, and you can hold up your end of the deal – since it takes both customer and provider working together to build a complete security program. Most of the security providers out there are building for you, because that's where the money is; and they're eager to work on scaling up to meet the requirements for your big business. If you want custom security clauses in a contract, chances are, you'll get them.

But at the other end of the scale there are the cloud customers I refer to as being "below the security poverty line." These are the small shops (like your doctor's medical practice) that may not have an IT staff at all. These small businesses tend to be very dependent on third party providers, and when it comes to security, they have no way to know what they need. Do they really need DLP, a web application firewall, single sign-on, log management, and all the premium security bells and whistles? Even if you gave them a free appliance or a dedicated firewall VM, they wouldn't know what to do with it or have anyone to run it.

And when a small business has only a couple of servers in a decommissioned restroom*, the provider may be able to move them to their cloud, but it may not be able to scale a security solution down far enough to make it simple to run and cost-effective for either side. This is the great challenge today: to make cloud security both effective and affordable, both above and below 10,000 feet, no matter whether you're flying a jumbo airliner or a Cessna.

From time to time, I have posted about my frustration with GAAP accounting and traditional credit analysis and how it is not friendly to the hosting business model. For a refresher, click here, here, here, here, and here. By GAHAP, I jokingly mean “generally accepted hosting accounting principles.”

Mike Jones came in my office after a frustrating phone call with a credit analyst. They were trying to talk through collateral possibilities. He told me that the credit analyst has a problem because we carry hardly any accounts receivable. The credit analyst wants something that he can collect in case of default. In GAAP (generally accepted accounting principles), accounts receivable is the total amount that you have billed your customers but have not yet collected from them. Common sense hint: the accounts receivable balance won’t pay your bills – they won’t get paid until you collect the cash.

SoftLayer includes this common sense in its business model. Rather than send out invoices and bug people to pay us later, we choose to have our customers pay us in advance of their use of products and services. Many other hosting companies do the same. There are many advantages to this: we save costs that we would incur collecting the cash, we reduce the amount of abusive accounts that would sign up for a few days of malicious activity and never pay us, and it helps facilitate the on-demand billing side of the cloud computing model.
Again, the disadvantage of this practice comes about when trying to educate a set-in-his-ways credit analyst about our business model. Here is the basic gist of a mythical conversation between a credit analyst and a hosting company:

Credit Analyst: “I see you don’t have any accounts receivable to speak of.”

Hosting Company: “I know! Isn’t that great?”

Credit Analyst: “But if you default, what can I collect?”

Hosting Company: “You’d simply continue to bill the customers for their continued business. Because our customer agreement is month-to-month, you just collect for their next month of service over the next 30 days and you’ve essentially done the same as collect receivables. In fact, that is far easier than collecting past due receivables. We’d be happy place the anticipated next month billing to our customers on the balance sheet in an accounts receivable type of account, but GAAP does not allow this.”

Credit Analyst: “Oh my…you don’t have long term contracts? So all of your customers could leave at once? Isn’t that risky?”

Hosting Company: “We have several thousand customers who trust us with mission critical needs. They will not all leave at once. Our statistics show only a very low percentage of customers terminate services each month. Even through the depths of the recession, we had more new customers joining us than we had customers leaving.”

Credit Analyst: “But conceptually, they could all leave at once since they have no contracts.”

Hosting Company: “That is statistically impossible. The odds of that event are so low that it’s immeasurable. As I said, we provide mission critical services to our customers. To think that they will all no longer need these services simultaneously is paranoid. And if they did, would a contract keep them paying us? That’s doubtful. Let me ask you – do you lend to the electric company or the phone company?”

Credit Analyst: “Of course.”

Hosting Company: “Do their customers sign long term contracts?”

Credit Analyst: “Some do for special promotions. But for the most part – no.”

Hosting Company: “So why do you lend to them?”

Credit Analyst: “Why, the customers can’t live without electricity or phones. That’s a no brainer.”

Hosting Company: “It is exactly the same with our business. In this information age economy, our customers cannot live without the hosting services that we provide. You should look at us in a similar way that you look at a utility company.”

Credit Analyst: “But we classify your business as a technology company. Can’t you just have your customers sign contracts?”

Credit Analyst: “I guess there’s not much hope of you building up a sizeable accounts receivable balance then.”

Hosting Company: “It really makes no sense for us to do that.”

Credit Analyst: “We may not be able to do business with you. Do you have any real estate?”

Conclusion: Most credit analysts are so wrapped up in GAAP that they’ve forgotten the laws of statistics and many have even lost touch with common sense. Is it any wonder we’ve had a big banking crisis over the past couple of years?